Skip to content

Archive Project custom permission

Alex Buijs requested to merge archive-project-custom-permission into master

What does this MR do and why?

This MR adds Archive Projects as a customizable permission, so that it can be added onto any base role.

This makes archiving projects available to all roles, as the Owner role might have too many privileges for all use cases.

Issue: #425957 (closed)

Screenshots or screen recordings

Group owner:

Screenshot_2023-10-25_at_14.59.49

Group member with custom archive_project role:

Screenshot_2023-10-27_at_16.12.16

How to set up and validate locally

  1. Enable the archive_project_custom_permission Feature Flag: 
    Feature.enable(:archive_project_custom_permission)
  2. Create a namespace and a project within that namespace and apply the Ultimate license to the namespace.
  3. Create a new custom role that enables archive_project from Group -> Settings -> Roles and Permissions
  4. Invite a (guest) user to the group and assign this role to the user. As there is currently no UI for doing this, make a REST API call: 
    curl --request PUT --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"member_role_id": '$MEMBER_ROLE_ID', "access_level": 10}' "http://localhost:3000/api/v4/groups/$ID/members/$USER_ID"
  5. Log in as the guest user with the archive project custom permission and check if you can do the following actions:
    • Archive the project from the UI and via REST API
    • Unarchive the project from the UI and via REST API

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Alex Buijs

Merge request reports